Updated as at 26/2/2002.
Visual Surveillance in the Workplace
With the increase in availability of surveillance technology, video surveillance is becoming a more popular form of supervision of employees’ work performance. While surveillance in the workplace is a major concern for both employers and employees, there is no general constitutional or common law right to privacy in Australia.
1. Privacy in the workplace
There is a general expectation by employees that laws exist which protect their privacy in the workplace. However, there is no such law. Many activities affecting the privacy of employees are carried out without the knowledge of employees. For example, most software used to operate networks in the workplace (including web servers and mail servers) keep logs of transactions and communications. The logs generally include the email addresses of senders and recipients and the time of transmission. Email content will often be stored on mail servers. Web server logs record data on the sites people visit. System administrators are capable of reading the contents of emails sent and received by the company network.
Surveillance is associated with increased levels of stress and creating distrust and suspicion between employees and employers. Many current surveillance practices by employers, (especially covert surveillance practices), may constitute breaches to the principles of fairness, consent, openness, relevance, use limitation, security and retention limitation.(1) According to the National Privacy Principles, it is suggested that employees should be informed about personal information that is collected and stored and what is done with that information. Businesses can develop their own codes regulating the storage, collection and disclosure of personal information. For further information, please refer to the privacy fact sheet.
2. The Workplace Video Surveillance Act 1998 (NSW)
Although there is no general law protecting the privacy of employees, the Workplace Video Surveillance Act 1998 (NSW) does regulate video surveillance of employees in New South Wales. The Act only applies to covert video surveillance and thus, does not cover overt surveillance or telephone or computer monitoring. Under the Act, there is a presumption that any video surveillance is covert unless:
(i) 14 days prior notice is given to the employee of the intended video surveillance;
(ii) any camera or equipment used is clearly visible; AND
(iii) signs notifying the employees of the surveillance are clearly visible(2).
The Act only allows an employer to undertake covert video surveillance for the sole purpose of working out whether the employee is involved in unlawful activity in the workplace and the surveillance must be authorised by an authority issued by a magistrate (3). If the employer undertakes the surveillance for any other purpose or does so without a magistrate’s authority, the employer will be in breach of the Act. Therefore, an employer is not allowed to use covert video surveillance to monitor an employee’s performance(4). Finally, employees cannot be monitored in a toilet, change room or bathing facility.
3. Surveillance: An Interim Report
The New South Wales Privacy Committee’s report on Video Surveillance in the Workplace(5) suggested that the most effective form of regulation of video surveillance in the workplace would be through the amendment of industrial relations legislation. The legislation should restrict the use of video surveillance in certain areas such as toilets, showers and change rooms. Employers should be required to apply for permits from the Industrial Relations Court if video surveillance is conducted in the restricted areas mentioned above, or when other forms of covert surveillance are used. Employers should justify the use, location and duration of the surveillance and what impact it may have on employees’ privacy.
4. Guidelines on Workplace Email, Web Browsing and Privacy
The Australian Privacy Commissioner at the Federal level as well as the NSW Privacy Committee have both published guidelines on workplace surveillance to assist employers on the issue.
a) The Australian Privacy Commissioner – Guidelines on Workplace Email, Web Browsing and Privacy.
The Commissioner considers organisations are responsible for their own computer systems and networks and should have the right to make directions or rules as to their use. The Guidelines do not have the force of legislation but complement the new privacy legislation. They require employers to have an email or Information Technology policy that sets out to staff what activities are permitted and what is forbidden. Furthermore, the National Privacy Principles require an organisation to set out its policy on the management of personal information and must be available to anyone who asks for it.
The Guidelines suggest a policy should:
(i) Be made available to staff and management and should ensure that it is known and understood by staff. The policy should be linked from a screen the user sees when they log onto the network.
(ii) Be explicit as to what activities are permitted and forbidden.
(iii) Clearly set out what information is logged and who has rights to access the logs and content of staff email and browsing activities.
(iv) Refer to the organisation’s computer security to the extent that improper use of email may pose a threat to system security, people’s privacy and the legal liability of the organisation.
(v) Outline in plain English how the organisation will monitor staff compliance with company rules on acceptable use of email and web browsing.
(vi) Be reviewed regularly in accordance with the development of the Internet and information technology. The policy should be reissued whenever significant change is made.
b) The NSW Privacy Committee’s guidelines
The Committee has also issued its own guidelines on video surveillance in the workplace. These guidelines aim to strike a balance between the business interests of employers and reasonable standards of privacy protection for employees.
The guidelines cover 14 issues(6):
(i) Justification prior to installing video surveillance.
(ii) Prohibited uses.
(iii) Consultation with employees.
(iv) Notification in areas which are under surveillance.
(v) Regular justification for the continued operation of surveillance systems.
(vi) Camera operating hours.
(vii) Location of surveillance cameras.
(viii) Conduct of surveillance.
(ix) Access to tapes.
(x) Retention of tapes.
(xi) Restrictions on external access to tapes.
(xii) Employees’ rights to view tapes.
(xiii) Exceptions from the guidelines.
(xiv) Compliance with the guidelines.
5. Email and the workplace
Employees tend to treat email informally and generally do not take the same amount of care as they would in writing formal correspondence. Emails are easily forwarded, altered, forged or sent to unintended recipients by mistake.
Emails may also be the subject of discovery in litigation and may be subject to review in criminal investigations.
An employer may dismiss an employee for misuse of email(7) provided the employer:
(i) Clearly demonstrates the email was an unauthorised use as defined by the employer’s email policy (otherwise an employer could be said to have impliedly authorised the usage).
(ii) Objects to emails on the basis of usage rather than content.
(iii) Investigates the employee in accordance with any disciplinary policy that exists.
(iv) Gives the employee the opportunity to respond to the allegations.
6. Screening email and internet use
Telecommunications legislation prohibits the interception of communications carried on a telecommunications system by listening and recording without the consent of the originator.(8)
However, retaining records of email and internet use on a server is unlikely to constitute an interception of communications under the telecommunications legislation as they are being stored and are not being ‘intercepted’.(9) Although undecided in Australian, US experience(10) suggests employees who send email give an implied consent to the storage of their messages.(11) The US also ruled that a company did not have to notify its employees that their emails would be examined since the system was considered to be the company’s equipment thus it is entitled to examine its contents.(12)
Employers should develop a record keeping policy in relation to storing email and other electronic documents. Generally, the same business and commercial rules apply to electronic records and hard copy documents. Employers should ensure emails relevant to transactions and the ordinary conduct of business activities are stored appropriately.
Emails automatically stored by an organisation’s system leaves a clear written record of transactions and correspondence that is discoverable in litigation proceedings and which could be used as evidence against its authors.
7. Employee Records
Employee records are exempt from the requirements of the National Privacy Principles. The exemption applies to the collection, use or disclosure of information contained in employee records in the context of the employment relationship. Employee records remain exempt until they are no longer used for the purpose of the employment relationship.(13)
8. Defamation
In general, employers can be liable for the actions of employees during the course of their employment. Employers may be directly or vicariously liable for defamatory statements made by employees by email or on the internet. Although undecided in Australia, employers who provide email and internet access to employees may be treated in similar fashion to internet service providers (ISPs). An employer may be liable for defamatory statements by an employee if it is shown that the employer had or should have had knowledge of the statement.
For further information see the Defamation Fact Sheet.
9. Disability Discrimination
An employer must ensure they do not deny access to internet, email and other technologies to employees with disabilities. Although there may be no intention on the part of the employer to discriminate, a practice that applies to everyone but has a disproportionate effect on one particular group of people if likely to constitute indirect discrimination. For example, if employees communicate by email and there is an employee who is vision impaired, unless reasonable steps are taken to accommodate his or her impairment (provide a larger screen or voice activated software), a court may find the employer has indirectly discriminated against that employee. For further information see the Disability Discrimination Fact Sheet.
10. Harassment
Sexual harassment is prohibited in all Australian States and Territories. E-mail can be used as a medium for unwanted attention, amounting to harassment for the purposes of the relevant legislation. The inappropriate use of email, screen savers and internet may also amount to sexual harassment in some circumstances.
Employers are liable for their own acts of sexual harassment and can be held legally responsible for sexual harassment by their employees unless all reasonable precautions are taken.(14) Generally, lack of awareness that an employee sexually harassed another will not discharge an employer’s vicarious liability.
Sexual harassment can take various forms including offensive communications by email or displaying offensive internet material. It can involve behaviour creating a sexually permeated or hostile working environment and can include a single incident(15) as opposed to repeated or continuous occurrences.
Employers have a common law and statutory duty to take reasonable care for the health and safety of their employees. Failure to fulfil the duty of care can amount to a breach of the employment contract as well as negligence on the party of the employer. This means that an employee who has been harmed could bring an action against an employer in contract or tort.
A work environment in which an employee is subject to unwanted sexual advances, unwelcome requests for sexual favours, other unwelcome conduct of a sexual nature, or forms of sex-based harassment, is not one in which an employer has taken reasonable care for the health and safety of its employees. A work environment or a system of work that gives rise to this type of conduct is not a healthy and safe work environment or system of work. An employer may be regarded as not having acted reasonably to prevent a foreseeable risk if practicable precautions are not taken to eliminate or minimise sexual harassment in the workplace.(16)
11. Electronic Document Management
Storing electronic communications (including employee emails) greatly increases the volume of documents that may be discoverable in legal proceedings. This adds significantly to the time and cost involved in preparing for and conducting legal proceedings. Retaining records increases the likelihood of a company being embarrassed by any informal content once discovered.
For further information see the Keeping Electronic Records Fact Sheet.
Other relevant Fact Sheets:
Cyberspace Crime
Disability Discrimination
Keeping Electronic Records
Privacy
Sources of Law
Privacy (Private Sector) Amendment Act 2000 (Cth)
Telecommunications (Interception) Act 1979 (Cth)
Sex Discrimination Act 1984 (Cth)
Privacy Act 1988 (Cth)
Telecommunications (Interception) Act 1979
End Notes
1. Tim Dixon, “Workplace video surveillance – controls sought”, Privacy Law and Policy Reporter.
2. Workplace Video Surveillance 1998 (NSW) s 4(1)
3. Workplace Video Surveillance Act 1998 (NSW) s 7(1)
4. Workplace Video Surveillance Act 1998 (NSW) s 9(3)(a)
5. For further information and the full report, see the NSW Law Reform Commission’s Website http://www.lawlink.nsw.gov.au
6. Tim Dixon, “Workplace video surveillance – controls sought”, Privacy Law and Policy Reporter
7. Australian Municipal, Administrative, Clerical & Services Union v Ansett Australia Ltd [2000] FCA 441 (7 April 2000)
8. Telecommunications (Interception) Act 1979
9. ibid section 5(1) definition of "telecommunications system"
10. Bohach and Catalano v The City of Reno
11. In relation to general issues of unauthorised access to computers, see the Criminal Law Fact Sheet.
12. Smyth v Pillsbury Company
13. The reason for this exemption is that the government felt that the protection of employee records was more properly a matter for workplace relations legislation.
14. Sex Discrimination Act 1984 (Cth) section 106
15. Hall & Ors v A. & A. Sheiban Pty Ltd & Ors
16. Therese MacDermott, "The Duty to Provide a Harassment-Free Work Environment", 37 Journal of Industrial Relations 495.